dstiles - 9:34 pm on Dec 11, 2011 (gmt 0)
Botnets are very active at the moment; at least, on my server they are. Most botnet hits are unique - they switch IPs per page (in my experience).
And yes, a vast number of them come from the USA, either from compromised "broadband" computers or from compromised server farms.
Also getting a lot of gootkit scans which look for a lot of specific PHP URLs (blocked a full /16 Egyptian range yesterday!) but although gootkit is a botnet "device" it seems to stay on a single IP until it gets fed up or firewalled.
Look through other recent postings in this forum for other comments on these phenomena.